diff options
author | Ross Burton <ross@burtonini.com> | 2022-02-23 12:54:31 +0000 |
---|---|---|
committer | Anuj Mittal <anuj.mittal@intel.com> | 2022-03-07 10:52:04 +0800 |
commit | 3c79237085169b96cc56910b08263437cad09e4d (patch) | |
tree | 0c1524d3fddbec89efc00f9628ee5ad3b31cef73 | |
parent | 04c5f72add897fe2ef09b5ac0983ede8a36e7816 (diff) | |
download | openembedded-core-contrib-3c79237085169b96cc56910b08263437cad09e4d.tar.gz |
cve-check: get_cve_info should open the database read-only
All of the function in cve-check should open the database read-only, as
the only writer is the fetch task in cve-update-db. However,
get_cve_info() was failing to do this, which might be causing locking
issues with sqlite.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8de517238f1f418d9af1ce312d99de04ce2e26fc)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
-rw-r--r-- | meta/classes/cve-check.bbclass | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 21d3da7974..646929d2ed 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -265,7 +265,8 @@ def get_cve_info(d, cves): import sqlite3 cve_data = {} - conn = sqlite3.connect(d.getVar("CVE_CHECK_DB_FILE")) + db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro") + conn = sqlite3.connect(db_file, uri=True) for cve in cves: for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)): |